[analyzer] Wrong warning location of memory leak #120586

Open
mvpant opened this issue Dec 19, 2024 · 4 comments

@mvpant

mvpant commented Dec 19, 2024

```c
// clang --analyze -Xanalyzer -analyzer-output=text

#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>

void leak(bool v1) {
  void* v3 = malloc(1);
  if (v3 != NULL) {
    int v5 = 0; // <--- warning: Potential leak of memory pointed to by 'v3' [unix.Malloc]
    if (v1) {
      return; // <--- Expected warning location
    }
  }
  return;
}

void leak2(bool v1) {
  void* v3 = malloc(1);
  if (v3 != NULL) {
    if (v1) { // <--- warning: Potential leak of memory pointed to by 'v3' [unix.Malloc]
      return; // <--- Expected warning location
    }
  }
  return;
}

void caller() {
  leak(1);
  leak2(1);
  return;
}
```

[Godbolt example](https://godbolt.org/z/8qGP347Yv)

@llvmbot
Member

llvmbot commented Dec 19, 2024

@llvm/issue-subscribers-clang-static-analyzer

Author: Michael (mvpant)

[Godbolt example](https://godbolt.org/z/8qGP347Yv)

@Flandini
Contributor

Looks like the leak is getting reported on a path immediately after `v3` is dead. In `MallocChecker::checkDeadSymbols`, `HandleLeak` is getting called on the conjured symbol returned by `malloc` at these warning locations because it is dead.

It's not a wrong spot to warn, the question is if this is the best spot to warn or if a different warning message would help.
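
A simplified model of the behaviour described in the comment above, added here as an illustration; it is not part of the thread and not LLVM code. The `struct stmt` type, both function names and the "first statement after the last reference" rule are assumptions standing in for the analyzer's real liveness computation, and the two paths are constructed from the `v1 == true` branches of `leak()` and `leak2()`:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* One statement on an execution path and whether it refers to v3. */
struct stmt { const char *text; bool refs_v3; };

/* Constructed paths: the v1 == true path through leak() and leak2(). */
static const struct stmt leak_path[] = {
    { "void* v3 = malloc(1);", true  },
    { "if (v3 != NULL)",       true  },
    { "int v5 = 0;",           false },
    { "if (v1)",               false },
    { "return;",               false },
};
static const struct stmt leak2_path[] = {
    { "void* v3 = malloc(1);", true  },
    { "if (v3 != NULL)",       true  },
    { "if (v1)",               false },
    { "return;",               false },
};

/* Assumed simplification of the dead-symbol rule: v3 is dead once no later
 * statement on the path refers to it, so the report lands on the first
 * statement after its last reference. Returns n when there is no such
 * statement (v3 never referenced, or referenced by the final statement). */
size_t dead_symbol_report(const struct stmt *path, size_t n) {
    size_t last = n;
    for (size_t i = 0; i < n; i++)
        if (path[i].refs_v3)
            last = i;
    return last == n ? n : last + 1;
}

/* The location the issue asks for: the statement that leaves the function. */
size_t exit_report(const struct stmt *path, size_t n) {
    return n ? n - 1 : 0;
}

static void show(const char *name, const struct stmt *p, size_t n) {
    size_t d = dead_symbol_report(p, n);
    printf("%s: dead-symbol report at \"%s\", exit report at \"%s\"\n",
           name, d < n ? p[d].text : "(end of path)", p[exit_report(p, n)].text);
}

int main(void) {
    show("leak", leak_path, sizeof leak_path / sizeof leak_path[0]);
    show("leak2", leak2_path, sizeof leak2_path / sizeof leak2_path[0]);
    return 0;
}
```

Under this model the report moves from `int v5 = 0;` in `leak()` to `if (v1)` in `leak2()` only because the statement following the last reference to `v3` changes, which matches the two warning locations in the issue.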

@steakhal
Contributor

> Looks like the leak is getting reported on a path immediately after `v3` is dead. In `MallocChecker::checkDeadSymbols`, `HandleLeak` is getting called on the conjured symbol returned by `malloc` at these warning locations because it is dead.
>
> It's not a wrong spot to warn, the question is if this is the best spot to warn or if a different warning message would help.

Your assessment is correct. To me, it looks good, but I'm already used to weirdly placed leak diags.
If you know better places to shift this diag, I'm all ears.

@steakhal
Contributor

Btw, why do you expect for the first leak case the diag at the first return statement? If I'd follow the reasoning, wouldn't it be equally expected at the other return statement too?
